Abstract: Methods are described for two parties to use a small shared secret (S) to mutually authenticate one another other over an insecure network. The methods are secure against off-line dictionary attack and incorporate an otherwise unauthenticated public key distribution system. One embodiment uses two computers Alice and Bob, and a Diffie-Hellman exponential key exchange in a large prime-order finite group. Both parties choose the same generator of the group (g) as a function of S. Alice chooses a random number RA, and sends gRA to Bob. Bob chooses a random RB, sends gRB to Alice. Both compute a shared key K=g(RARB). Each party insures that K is a generator of the group, verifies that the other knows K, and then uses K as an authenticated key. Constraints are described to prevent passive and active attacks. An extension is described where Alice proves knowledge of S to Bob who knows only a one-way transformation of S.

Abstract: Reservation and allocation of additional space on a hard disk drive for use by an end user is disclosed. A user-accessible area of a hard disk drive is enlarged by determining if a boot engineering extension record is present. If the boot engineering extension record is present, the amount of free media space in the host protected area of the hard disk drive is determined. If media space is available, the unused portion of the host protected area is converted to be user-accessible.

Abstract: A method that adjusts the host protected area of a hard disk drive automatically using BIOS during power on self test (POST) by adjusting the start address of the host protected area of the hard disk drive and all service entries in the directory of services. Host protected area physical disk addresses are automatically adjusted by the BIOS when the hard disk drive has a different location from the host protected area used to create the source image of the data placed in the host protected area of the hard disk drive.

Abstract: A computer having storage apparatus with protected and drive data areas and with an operating system stored in the storage apparatus. The computer is controlled to select a hard drive of the storage apparatus and determine if the selected hard drive has a protected area for storing diagnostic programs and data in combination with a drive data area for storing user information. The computer has operating apparatus for adjusting sizes of the selected hard drive protected and drive data areas in accordance with requirements of a user of the computer and for reallocating storage of data in the adjusted data areas.

Abstract: Computer systems and methods that provide for cacheable above one megabyte system management random access memory (SMRAM). The systems and methods comprise a central processing unit (CPU) having a processor and a system management interrupt (SMI) dispatcher, a cache coupled to the CPU, and a chipset memory controller that interfaces the CPU to a memory. The memory includes system memory and the system management random access memory. The systems and methods un-cache the SMRAM while operating outside of system management mode, transfer CPU operation to system management mode upon execution of a system management interrupt (SMI), and change cache settings to cache the extended memory and system management random access memory with write-through. The systems and methods then change cache settings to cache the extended memory with write-back and un-cache the SMRAM upon execution of an resume instruction.

Abstract: The present invention is a method and apparatus to re-generate a displayed image. Graphic information is retrieved from a first storage. A graphic controller uses the graphic information to generate the displayed image. The first storage is accessible to a processor and the graphic controller. The graphic information is stored in a second storage which is accessible to the processor. The stored graphic information is retrieved from the second storage. The stored graphic information is written to the first storage to cause the graphic controller to re-generate the displayed image.

Abstract: Systems, methods, and software that update or recover system firmware (BIOS) of a computer system using a utility running from a protected area of a mass storage device. This avoids the standard operating system environment and removes the possibility of tampering or deletion of required files. Files containing a copy of system firmware (BIOS) and a firmware update utility for writing to the system EEPROM or flash ROM are transferred to the mass storage device. Once the files are transferred, the area on the mass storage device containing these files are protected in a Host Protected Area, for example. After protecting or locking this area of the mass storage device, the system firmware or boot utility either boots the standard operating system or runs the firmware update utility from the Host Protected Area in recovery mode if the firmware is corrupted. This allows the firmware update utility to run in an environment outside of and independent of the standard operating environment of the computer system.

Abstract: The present invention is a method and system for accessing at least one emulated readable storage in a processor-based system. The system comprises a memory for storing instruction sequences by which the processor-based system is processed. The memory has at least one readable emulated storage location. A processor is coupled to the memory, and the stored instruction sequences cause the processor to (a) detect an access to at least one readable storage element; (b) transfer the access to the at least one readable storage element to an access to at least one readable emulated storage location; and (c) process an instruction sequence corresponding to the access to the at least one readable storage element.

Abstract: A memory manager, method and computer system that allows use of Extended Upper Memory Block (XUMB) memory space by system BIOS to store runtime code and data. In an exemplary memory manager, BIOS Power-On-Self-Test (POST) code sets up or allocates 1 the XUMB memory space at TP_SETUP_WAD (0D3h). The BIOS code finds space for the XUMB memory space in an extended memory space. The BIOS code then zeroes out the XUMB memory space and stores the address of the XUMB memory space in a variable. When different components of the BIOS code need to reserve memory in the XUMB memory space, they call a predetermined calling function. The calling function reserves memory for each of the different components in the XUMB memory space and allocates pointers to the specific addresses that may be used by these components. The BIOS components then copy their own data into these memory locations of the XUMB memory space.

Abstract: A program segment of a BIOS programs a PC processor to reliably read one or more time elements from a real-time clock (RTC) during a stable read window of a period during which an update in progress (UIP) bit from the RTC is not set.

Abstract: Methods for processing basic input output system (BIOS) modules of a computer to initialize the computer. The computer includes a system memory, a central processing unit (CPU), a computer bus, a critical nonvolatile storage device, and a secondary nonvolatile storage device. Selected BIOS modules required for operation of the computer are transferred from the critical nonvolatile storage device, and optionally a protected area of the secondary nonvolatile storage device, to system memory and executed to initialize the computer. Minimal BIOS initialization code is stored in a first portion of the critical nonvolatile storage device which is operative to initialize the CPU and the system memory. Additional BIOS modules are stored in the critical nonvolatile storage device or the protected area of the secondary nonvolatile storage device. A dispatch manager is stored in a second portion of the critical nonvolatile storage device.

Abstract: A method and apparatus for determining a computer system usage profile, and transmitting the computer system usage profile to a server which targets content to the computer system in response to the usage profile is described. A basic input output system (BIOS) module and/or an operating system module obtain computer system usage profile information by tracking events such as the frequency of re-boots, the time required to boot-up and shut-down the operating system on the computer system, the amount of time the computer system is “used”, and the frequency and amount of time the computer system is connected to the Internet. This data is collected and communicated to a profile server. The profile server targets content such as messages with graphics or informational material, etc. to the computer system based upon the computer system usage profile. In one embodiment, the content is displayed during boot-up and shut-down of the operating system.

Abstract: A flash memory is secured by disabling write access to the device, thereby preventing unauthorized updating or tampering of the contents. A cryptoengine is included in an integrated circuit (IC) with the flash memory. An attempt to write to the flash memory is successful only if a received encrypted certificate is authenticated by the cryptoengine. If not authenticated, the write enable signal line and the power applied to the flash memory are disabled.

Abstract: A method including copying a first application from a first non-volatile memory to a second non-volatile memory and setting the first application to be a start-up application. The method further includes booting-up an operating system and executing the first application. The method also includes determining if a suitable connection exists, determining if a needed bandwidth of the suitable connection is available, and downloading a second application if the suitable connection exists and the needed bandwidth of the suitable connection is available. The method then includes executing the second application. An apparatus for performing the method is also disclosed.

Abstract: A method for controlling I/O in a multi-processor environment, comprising the steps of: determining if an I/O instruction requiring an interrupt is being executed by one of the processors in the multi-processor environment to transfer data or a command between the processor and an I/O device; performing an interrupt if such an I/O instruction is detected; determining which of the processors in the multi-processor environment is executing an I/O instruction; if only one of the processors is executing an I/O instruction, setting a Last Processor indicator designating that one processor as the processor executing the I/O instruction; and transferring data or a command between the processor designated in the Last Processor indicator and the I/O device in response to the I/O instruction.

Abstract: A special BIOS includes a program application manager (PAM) and a file system structure (FSS) that points to addresses on a mass storage device (MSD) for an application and at least one presentation playable by the application. The BIOS calls the PAM on startup, and the PAM checks for an application, and finding same loads and executes the application before loading the operating system (OS). In a preferred embodiment the FSS is programmable, and the system after OS boot is started checks MSD devices for new FSS parameters, and finding same loads the parameters to the programmable FSS of the BIOS. In some embodiments parameters may cause presentations and associated applications to be accessed and executed in a rotating or serial order. In other embodiments the BIOS represents its own address space in RAM to the OS at OS boot to include the application, enabling the application to continue to execute during OS boot.

Abstract: A special BIOS includes a program application manager (PAM) and a file system structure (FSS) that points to addresses on a mass storage device (MSD) for an application and at least one presentation playable by the application. The BIOS calls the PAM on startup, and the PAM checks for an application and presentation, and finding same loads the application and plays the presentation before loading the operating system (OS). In a preferred embodiment the FSS is programmable, and the system after OS boot is started checks MSD devices for new FSS parameters, and finding same loads the parameters to the programmable FSS of the BIOS. In some embodiments parameters may cause presentations and associated applications to be accessed and executed in a rotating or serial order.

Abstract: A method and apparatus for secure processing of cryptographic keys, wherein a cryptographic key stored on a token is processed in a secure processor mode using a secure memory. A main system processor is initialized into a secure processing mode, which cannot be interrupted by other interrupts, during a power-on sequence. A user enters a Personal Identification Number (PIN) to unlock the cryptographic key stored on the token. The cryptographic key and associated cryptographic program are then loaded into the secure memory. The secure memory is locked to prevent access to the stored data from any other processes. The user is then prompted to remove the token and the processor exits the secure mode and the system continues normal boot-up operations. When an application requests security processing, the cryptographic program is executed by the processor in the secure mode such that no other programs or processes can observe the execution of the program.

Abstract: The present invention is a method and apparatus to re-generate a displayed image. Graphic information is retrieved from a first storage. A graphic controller uses the graphic information to generate the displayed image. The first storage is accessible to a processor and the graphic controller. The graphic information is stored in a second storage which is accessible to the processor. The stored graphic information is retrieved from the second storage. The stored graphic information is written to the first storage to cause the graphic controller to re-generate the displayed image.

Abstract: The present invention is an apparatus and method for providing power management apparatus for a circuit in a processor-based system. The apparatus comprises a memory to store instruction sequences by which the processor-based system is processed and a processor coupled to the memory. The stored instruction sequences cause the processor to: (a) determine a system access time of the circuit; (b) determine if the system access time is less than a first predetermined value, if so, increasing an accessibility period of the circuit, during which the circuit is active. Various embodiments are described.